U-Arturo Borrero, umthuthukisi we-Debian oyingxenye ye-Netfilter Project Coreteam kanye nomnakekeli wamaphakheji ahlobene nama-nftables, ama-iptables kanye nesihlungi se-Debian, hambisa ukukhishwa okukhulu okulandelayo kwe-Debian 11 ukuze usebenzise ama-nftable ngokuzenzakalelayo. Uma isiphakamiso sivunyiwe, amaphakheji anama-iptables azokwehliselwa esigabeni sezinketho zokuzithandela ezingafakiwe kuphakheji eyisisekelo.
Isihlungi sephakethe le-Nftables siphawuleka ngokuhlanganiswa kwaso kwezindawo zokuhlunga iphakethe ze-IPv4, IPv6, ARP kanye namabhuloho enethiwekhi. I-Nftables inikeza kuphela isixhumi esibonakalayo esijwayelekile, esizimele esisekelwe kuphrothokholi ezingeni le-kernel esihlinzeka ngemisebenzi eyisisekelo yokukhipha idatha kumaphakethe, ukwenza imisebenzi yedatha, nokulawula ukugeleza. I-logic yokuhlunga ngokwayo kanye nezibambi eziqondene nephrothokholi kuhlanganiswa ku-bytecode esikhaleni somsebenzisi, ngemva kwalokho le-bytecode ilayishwa ku-kernel kusetshenziswa isixhumi esibonakalayo se-Netlink futhi sisetshenziswe emshinini obonakalayo okhethekile okhumbuza i-BPF (Izihlungi Zephakethe Le-Berkeley).
Ngokuzenzakalelayo, i-Debian 11 iphinde inikeze i-firewall firewalld enamandla, eklanywe njengesisonga phezu kwama-nftables. I-Firewalld isebenza njengenqubo yangemuva ekuvumela ukuthi uguqule ngokuguqukayo imithetho yesihlungi sephakethe nge-DBus ngaphandle kokuthi ulayishe kabusha imithetho yesihlungi sephakethe noma ukwephula uxhumo olumisiwe. Ukuphatha i-firewall, i-firewall-cmd isetshenziswa, okuthi, lapho kwakhiwa imithetho, ingasekelwe kumakheli e-IP, ukuxhumana kwenethiwekhi nezinombolo zamachweba, kodwa kumagama ezinsizakalo (isibonelo, ukuvula ukufinyelela ku-SSH okudingeka sebenzisa okuthi “firewall-cmd —engeza —service= ssh”, ukuvala i-SSH – “firewall-cmd –remove –service=ssh”).
Source: opennet.ru